Reputation: 733
Unable to initialise vault
I'm trying to initialise vault with below command, running the command with root using,
also tried with 'vault' user. owner of the /etc/vault directory set to vault user but getting the same error with vault user as well.
vault operator init > /etc/vault/config/init.file
But failing with below error:
root@ip-172-31-65-238:~# vault operator init > /etc/vault/config/init.file
Error initializing: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/sys/init
Code: 400. Errors:
* failed to initialize barrier: failed to persist keyring: mkdir /etc/vault/data/core: read-only file system
My vault config file looks like below:
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = "1"
}
api_addr = "http://127.0.0.1:8200"
storage "file" {
path = "/etc/vault/data"
}
ui = true
I have exported environment variable as below:
export VAULT_ADDR=http://127.0.0.1:8200
My systemd file looks like below:
[Unit]
Description=vault service
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault/config/default.hcl
[Service]
User=vault
Group=vault
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/usr/local/bin/vault server -config=/etc/vault/config/default.hcl -log-level=info
ExecReload=/bin/kill --signal HUP \$MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitIntervalSec=60
StartLimitBurst=3
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Upvotes: 2
Views: 6099
Answers (2)
Reputation: 129
First, check if you have created the vault user. otherwise, change the user in your service file. and update ProtectHome=read-write vaule.
[Service]
User=root
Group=root
ProtectSystem=full
ProtectHome=read-write
and then create the file manually.
mkdir -p /etc/vault/data/core
Upvotes: 0
Reputation: 399
I don't have enough information about your environment but you might have some issue regarding the file permissions.
Someone had a similar problem in a Google Cloud server - it had to do with a missing "read_write" service-account scope, as you can see here: https://github.com/hashicorp/vault/issues/6085
Upvotes: 2
Related Questions
- HashiCorp Vault Error 403 Permission denied
- Error initializing: context deadline exceeded Hashicorp Vault
- Unable to unseal hashicorp vault after system reboot
- Caused by: java.lang.IllegalArgumentException: Token (spring.cloud.vault.token) must not be empty - Hashicorp Vault
- Hashicorp Vault reading creds - failed to find entry for connection with name: db_name
- Hashicorp Vault: "Code: 400. Errors" Error Message
- Hashicorp Vault - read failed: decryption failed: cipher: message authentication failed
- Spring Boot & Vault: incomplete context initialization issue
- Vault error while writing
- why does hashicorp vault json config fail with "Error initializing listener of type listener"?